[openstack-dev] [neutron] Can Neutron VPNaaS work with strongswan? (Openswan removed from Debian)

Joshua Zhang joshua.zhang at canonical.com
Mon Oct 13 06:33:52 UTC 2014


Hi Thomas,
     I worked out a patch https://review.openstack.org/#/c/100791/  based
on the latest strongSwan configurations, it can work. but the neutron-spec
is still on review, see https://review.openstack.org/#/c/101457/
     Can someone help review and approve that spec, thanks.

On Mon, Oct 13, 2014 at 12:50 PM, trinath.somanchi at freescale.com <
trinath.somanchi at freescale.com> wrote:

> Hi-
>
> Yes, VPNaaS works with Strong Swan too. I have tried and was successful.
>
> Take the cherry-pick of 67 patchset from
> https://review.openstack.org/#/c/33148
>
> Work on the conflicts and run neutron. It works perfect.
>
> Hope this helps.
>
> --
> Trinath Somanchi - B39208
> trinath.somanchi at freescale.com | extn: 4048
>
> -----Original Message-----
> From: Thomas Goirand [mailto:zigo at debian.org]
> Sent: Sunday, October 12, 2014 9:54 AM
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: [openstack-dev] [neutron] Can Neutron VPNaaS work with
> strongswan? (Openswan removed from Debian)
>
> Hi,
>
> As you may know, OpenSwan has been largely unmaintained in Debian, and
> then was removed from Testing, and then Sid last summer. OpenSwan had some
> unaddressed security issues, and removing it from Debian was IMO the
> correct thing to do. Ubuntu followed, and Utopic doesn't have OpenSwan
> anymore either.
>
> Though there's StrongSwan, which is apparently an alternative. But can
> Neutron work with it? If not, how much work would it be to make Neutron use
> StrongSwan instead of OpenSwan, and could the maintainers of the VPNaaS
> people do this be worked on for Kilo? BTW, why not using something as
> popular as OpenVPN, which has more chances to be well maintained?
>
> Cheers,
>
> Thomas Goirand (zigo)
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 
Best Regards
Zhang Hua(张华)
Software Engineer | Canonical
IRC:  zhhuabj
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141013/3117146b/attachment.html>


More information about the OpenStack-dev mailing list